General

  • Target

    arm7

  • Size

    135KB

  • Sample

    211125-tagh5sbaa5

  • MD5

    cf5903921d843e5851f6b4f367f42750

  • SHA1

    8095beebfa12ac05ea1b796175ef00fa13375b18

  • SHA256

    e872670529082cb5d3bc3257cefdedafa15127665418503ea240cd390b918a01

  • SHA512

    c6a333ef17a86386b7fa8ba048d06114556f3a86b98c4042439396a85ac912960d423e15194517fe46de6b087e34c993047521c938ec6d1f0b7bd4fd9e17e81b

Score
10/10

Malware Config

Targets

    • Target

      arm7


    Score
    9/10
    • Modifies the Watchdog daemon

      Malware such as Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to user bin folder

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    T1574 Hijack Execution Flow (2)

  • Privilege Escalation

    T1574 Hijack Execution Flow (2)

  • Defense Evasion

    T1562 Impair Defenses (1)

    T1574 Hijack Execution Flow (2)

  • Discovery

    T1049 System Network Connections Discovery (1)

    T1016 System Network Configuration Discovery (1)

Tasks